EJBCA Cloud 2.0 Release Notes

PrimeKey is proud to announce the release of EJBCA Cloud 2.0.

This is a significant release for EJBCA Cloud and introduces a configuration wizard for CloudHSM and Relational Database Service (RDS) installation.

Highlights

Wizard-based Configuration

The new configuration wizard makes it easier to configure the instance and allows you to:

  • Configure a Subject Alternative Name (SAN) for a certificate upon install. The SAN is validated only for correct domain format; it is not looked up in the Domain Name System (DNS).
  • Install directly to an RDS MariaDB database.
  • Set a custom superadmin password and username during installation.
  • Import a CA certificate so that the instance can be used as a Registration Authority (RA) or Validation Authority (VA).
  • Configure CloudHSM so that the ManagementCA keys are set up in a CloudHSM cluster. Note that this cannot be validated before installation due to AWS restrictions. If the install fails, it falls back to a soft key install.

For more information on configuring an EJBCA Cloud AWS instance, see the AWS Launch Guide.

EJBCA Enterprise Upgrade

The EJBCA Enterprise 7.3.1.2 maintenance release resolves vulnerabilities found in EJBCA during penetration testing.

For more information, refer to EJBCA 7.3.1.2 Release Notes.

EJBCA Enterprise Cloud VA in AWS

The EJBCA Enterprise version in the VA-specific instance in the AWS Marketplace is upgraded to 7.3.1.2. For more information, refer to EJBCA Release Notes.

The EJBCA Enterprise Cloud Validation Authority (VA) version in AWS is now 2.1. For more information, see EJBCA Cloud AWS VA.

New Features and Improvements

New Features and Improvements in AWS

The following lists new features and other changes included in the release:

  • EC-135 - Backup and restore scripts now accommodate any install made into RDS. Restore scripts also now reconfigure CloudHSM to make upgrades easier.
  • EC-140 - Port 8080 was found to be open but is no longer needed, since Apache is used as the front end for WildFly. The port is now closed.
  • EC-141 - CloudHSM provider upgraded to allow crypto tokens to be auto-activated.
  • EC-142 - Upgrade EJBCA to 7.3.1.2.
  • EC-143 - Node does not install when no public DNS name is attached to public IP.
  • EC-144 - new_tls_cert.sh script no longer includes public IP and DNS information unless specified.

New Features and Improvements in Azure

  • The Azure wizard now allows setting the hostname so that subsequent installs can have a different name. Deploying more than one instance in the past was difficult because VMNames are fairly static in Azure.
  • External DNS name can now be chosen in the Azure wizard. Any Static or Dynamic DNS name will be added to the TLS certificate for the EJBCA host.

For more information, see Launch EJBCA Enterprise Cloud on Azure.

Upgrade Information

For information on how to upgrade an EJBCA Cloud hourly instance node from one version of EJBCA to another, see the AWS Restore and Upgrade Guide and Azure Restore and Upgrade Guide.